After discovering that an internal spreadsheet containing employee Social Security numbers and salary data was accidentally shared with all staff on a corporate messaging platform, you remove the file within 10 minutes. The compliance group asks you to complete the initial data-breach incident report so the data-protection officer (DPO) can decide whether outside regulators must be notified. Which one of the following details is most critical to include in that first report?
The marketing team's revision history for the spreadsheet
A brief description of the personal data exposed and an approximate count of the records affected
A cost-benefit analysis of notifying versus not notifying affected employees
A complete root-cause analysis that includes system patch-management logs
Regulators typically need to know the nature and scope of the breach before anything else. Article 33(3)(a) of the GDPR, as well as comparable U.S. state breach-notification statutes and FTC guidance, explicitly require that a breach report describe the categories of personal data involved and the approximate number of records or individuals affected. Without this information, the DPO cannot assess the level of risk or determine whether external notification is legally required.
The correct option provides the mandated information (type of data and record count).
The other options may be useful later in an investigation (root-cause analysis, cost estimates, marketing details) but are not prerequisites for determining regulatory reporting obligations at the initial stage.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Article 33(3)(a) of the GDPR?
Open an interactive chat with Bash
What defines 'personal data' in data-breach regulations like GDPR?
Open an interactive chat with Bash
Why is the approximate number of records affected important in a breach report?
Open an interactive chat with Bash
CompTIA Data+ DA0-002 (V2)
Data Governance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .